Re: Allow/Deny directive and https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Allow/Deny directive and https
From: "J.M. Castroagudin" <jose.castroagudin@xxxxxxxxx>
Date: Wed, 26 Sep 2007 18:22:07 +0200
In-reply-to: <e498c1660709250953s285fda92v70b5b63452dbddf2@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.13 (X11/20070824)

Thank you very much, Joshua (and thank you all)

I have tried:

(code)

<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com

....

<Directory /disc/html/https/intranet>
   Order Deny,Allow
   Deny from All
#    Allow from env=intranet
</Directory>

....

</VirtualHost>

(/code)

And it does not work. I still can connect to /intranet...

I also tried:
(code)

<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com
....
<Location /intranet/>
   Order Deny,Allow
   Deny from All
#    Allow from env=intranet
</Location>

...

</VirtualHost>

(/code)

... It just dont work..

Now i must review the entire configuration (it is a kinda complicatedconfiguration, lots of sites and files), looking for something thatcould be overriding this directive. I will let you know if i find outsomething...


Thank you all again. And if anyone else have any idea, i will be grateful.




Joshua Slive escribió:

On 9/13/07, J.M. Castroagudin <jose.castroagudin@xxxxxxxxx> wrote:

Hi everybody,

I have been trying to limit access to certain 'directories' (inside a
https vhost) based on IP directives. Something like this:


SetEnvIf remote_addr W.X.Y.Z intranet
SetEnvIf Client-ip W.X.Y.Z intranet


<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com

....

<Directory /disc/html/https/intranet>
    Order Deny,Allow
    Deny from All
    Allow from env=intranet
</Directory>

....

</VirtualHost>


There is only a https virtual host in this server.

But it seems not to work as expected. Accesing via
'http://secure.foo.com', Deny and Allow directives work right (it is
defined before in conf file). Although, entering via
'https://secure.foo.com', everybody has acces to this directory...


Start by replacing your mod_setenvif-based config with a simple "Deny
from all" and make sure that works. If it doesn't work, you likely
have something else in the config file overriding it. For example,
directives in <Location> sections will override <Directory> sections.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- Allow/Deny directive and https
  - From: J.M. Castroagudin
- Re: Allow/Deny directive and https
  - From: Joshua Slive

Prev by Date: Allowing one IP gives all access
Next by Date: Disable directory browsing
Previous by thread: Re: Allow/Deny directive and https
Next by thread: apache 2.2.3 + worker mpm + mod_cgid == problem ?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]